13 June 2014

Add indent capability to your Google Drive spreadsheets

This addition to your Google Drive script repository allows you to indent and outdent text within a cell or multiples cells of a Drive spreadsheet.

Detailed Discussion

 https://productforums.google.com/forum/#!topic/docs/lUI-yFixCjw

Procedure

Open up the spreadsheet and select menu item "Tools" --> "Script Editor"
Once the script editor opens copy and paste the following code into the "Code.gs" window:


/**
 * Adds indent capability to Drive spreadsheets. 
 * More at https://productforums.google.com/forum/#!topic/docs/lUI-yFixCjw

 */

var ss = SpreadsheetApp.getActiveSpreadsheet();


function moveText(direction) {
  var values = ss.getActiveRange().getValues();
  var cols = ss.getActiveRange().getNumColumns();
  var rows = ss.getActiveRange().getNumRows();

  
  var newValues = new Array();

    
  for (x = 1; x <= rows; x++) {
    for (y = 1; y <= cols; y++) {
      var cell = ss.getActiveRange().getCell(x, y);
      var value = cell.getValue();
      var formula = (direction == ">>>") ? '=CONCAT(REPT( CHAR( 160 ), 5),"' + value + '")'
      : '=IF(TRIM(LEFT("' + value + '", 5))=CONCAT(REPT( CHAR( 160 ), 5),""), MID("' + value + '", 6, LEN("' + value + '")), TRIM("' + value + '"))';
      
      if (value != '') {
        cell.setFormula([formula]);
        cell.setValue(cell.getValue());
      } else {
        cell.setValue(['']);
      }
    }
  }
};


function indentText() {
  moveText(">>>");
};


function flushLeft() {
  moveText("<<<");

};


function onOpen() {
  var sheet = SpreadsheetApp.getActiveSpreadsheet();

  var entries = [{
    name : ">>>",
    functionName : "indentText"
  },{
    name : "<<<",
    functionName : "flushLeft"

  }];
  sheet.addMenu("Indent Text", entries);
};


Go to menu "File" --> "Save"
Return to your spreadsheet and reload the browser.  You should now see a new menu item called "Indent Text" to the right of the "Help" menu.

What this code does is add a menu to the spreadsheet document called "Indent Text".
Within this menu it will create a menu item called "Indent Text".
When the "indent Text" menu item is selected any cells within a single column selection will be indented by 5 spaces.

You can increase or decrease the number of spaces the text is indented by changing the line below so that the "5" is changed to a larger or smaller number (depending on your preference)

      newValues.push(['=CONCAT(REPT( CHAR( 160 ), 5),"' + values[i][0] + '")']);

This code will work on multiple cells so you can select an entire column and indent in bulk.

Note that I have included the modified version of code (by andyrau) that allows you to "unindent," rather than the original code by leighelliott78. Thanks to both leighelliott78 and andyrau for this helpful script!


GameOver Zeus & CryptoLocker are expected to cause problems soon

So what is GameOver Zeus & CryptoLocker?

They are two types of attacks that work together being propagated from some of the largest global cybercrime networks. Normally spread as an innocent and official looking link or email attachment, Gameover Zeus silently monitors data and intercepts communications with online banking sites in order to steal login details and passwords.

Whether or not it succeeds, it will launch the second attack, Cryptolocker, which encrypts the files on a computer and extorts a heavy ransom from the user to regain control of their machine. Once infected, the machine then becomes part of the network spreading the attack. Over $100 million have already been stolen.




Why such a short window to act?

On the 2nd June, the FBI, Europol and the UK’s National Crime Agency announced they had
temporarily disrupted the network of machines spreading the infection, and warned users they have a two-week window to ensure their computers are secure. That deadline is when they expect the
cybercriminal behind the attack to regain control of the network and potentially
unleash a large scale cyber-attack.



05 June 2014

Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered

By Andy Greenberg

Source: Wired 5-June-2014




The internet is still reeling from the discovery of the Heartbleed vulnerability, a software flaw exposed in April that broke most implementations of the widely used encryption protocol SSL. Now, before Heartbleed has even fully healed, another major bug has ripped off the scab.
On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. The non-profit foundation, whose encryption is used by the majority of the Web’s SSL servers, issued a patch and advised sites that use its software to upgrade immediately.
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allows a “man-in-the-middle” snoop to decrypt and read the traffic.
“This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes,” reads an FAQ published by Kikuchi’s employer, the software firm Lepidum. Ashkan Soltani, a privacy researcher who has been involved in analyzing the Snowden NSA leaks for the NSA and closely tracked SSL’s woes, offers this translation: “Basically, as you and I are establishing a secure connection, an attacker injects a command that fools us to thinking we’re using a ‘private’ password whereas we’re actually using a public one.”
Unlike the Heartbleed flaw, which allowed anyone to directly attack any server using OpenSSL, the attacker exploiting this newly discovered bug would have to be located somewhere between the two computers communicating. But that still leaves open the possibility that anyone from an eavesdropper on your local Starbucks’ network to the NSA to strip away your Web connection’s encryption before it’s even initialized.
The new attack does have other limitations: It can only be used when both ends of a connection are running OpenSSL. Most browsers use other SSL implementations and so aren’t affected, says Ivan Ristic, director of engineering at the security firm Qualys, though he adds that Android web clients likely do use the vulnerable code. Among servers, only those using more recent versions of SSL are affected–about 24 percent of the 150,000 servers that Qualys has scanned. He also warns that many VPNs may use OpenSSL and thus be vulnerable. “VPNs are a very juicy target,” Ristic says. “People who really care about security use them, and there’s likely to be sensitive data there.”
According to a blog post by Kikuchi, the roots of the OpenSSL flaw have existed since the very first release of the software in 1998. He argues that despite the widespread dependence on the software and its recent scrutiny following the Heartbleed revelation, OpenSSL’s code still hasn’t received enough attention from security researchers. “The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation,” he writes. “They could have detected the problem.”
The revelation of the bug on the one-year anniversary of the Guardian’s first publication of Snowden’s NSA leaks adds to that grim lesson, says security researcher Soltani. He points to efforts by privacy groups like Reset The Net that have used the Snowden revelations as inspiration to push Internet users and companies to implement more pervasive encryption. Those efforts are undermined, he points out, by the fact that some of the oldest and most widely used encryption protocols may still have fundamental flaws. “There are huge efforts by companies and activists to deploy tools that ‘add proven security,’” he says, quoting Reset The Net’s website. “Yet there’s very little actual work and support of the underlying tools that are being deployed, like OpenSSL. It’s pretty shameful that the core library that practically the entire internet relies on for transport security is maintained by a handful of under-resourced engineers.”